OPNsense adds new WireGuard routes

Started by Maxio, July 23, 2024, 06:46:37 PM

As in the topic, OPNsense adds new WireGuard routes and therefore the entire system has no access to the internet, neither LAN, VLANs nor OPNsense itself. From what I noticed, after removing two routes (img), everything returns to normal and you can connect to the VPN. Can someone tell me what is wrong? The system was online for a long time and I noticed it only when I lost the connection after restarting.

July 23, 2024, 06:55:29 PM #1 Last Edit: July 23, 2024, 06:57:51 PM by Seimus
Looks like RA?

Are you sure you read the docs properly?

Cause in the Peer configuration allowed IPs:

Quote: Unique tunnel IP address (IPv4 and/or IPv6) of client - it should be a /32 or /128 (as applicable) within the subnet configured on the WireGuard Instance. For example, 10.10.10.2/32

You can't put 0/0 into the peer configuration on OPNsense; this goes into the configuration on the app side for the client device.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
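
Added example, not part of any post in this thread and not OPNsense code: a small audit that reads a WireGuard instance and its peers and reports any peer whose allowed IPs are not a single /32 or /128 inside the instance subnet, which is the rule quoted from the docs above. It assumes a road-warrior setup and that the settings are available as wg-quick style text; the names parse and audit and the sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample in wg-quick style; addresses are illustrative only.
SAMPLE = """\
[Interface]
Address = 10.10.10.1/24
[Peer]
AllowedIPs = 10.10.10.2/32
[Peer]
# misconfigured: the catch-all belongs in the client's own config
AllowedIPs = 0.0.0.0/0, ::/0
"""

def parse(text):
    """Return (instance networks, list of allowed-IP networks per peer)."""
    nets, peers, section = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
            continue
        key, _, value = line.partition("=")
        items = [v.strip() for v in value.split(",") if v.strip()]
        if section == "interface" and key.strip().lower() == "address":
            nets += [ipaddress.ip_interface(v).network for v in items]
        elif section == "peer" and key.strip().lower() == "allowedips":
            peers[-1] += [ipaddress.ip_network(v, strict=False) for v in items]
    return nets, peers

def audit(text):
    """Flag allowed IPs that are not one host inside the instance subnet."""
    nets, peers = parse(text)
    findings = []
    for idx, allowed in enumerate(peers, 1):
        for net in allowed:
            if net.prefixlen == 0:
                findings.append((idx, str(net), "default route"))
            elif net.prefixlen != net.max_prefixlen:
                findings.append((idx, str(net), "not /32 or /128"))
            elif not any(net.version == n.version and net.subnet_of(n) for n in nets):
                findings.append((idx, str(net), "outside instance subnet"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Site-to-site peers legitimately carry wider networks in this field, so treat "not /32 or /128" findings there as something to review rather than an error.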

Allowed IPs in peer config is misconfigured. This should be the client's IP, not what the client is allowed to.
i am not an expert... just trying to help...

Since I am unable to do so:
Can someone raise a ticket on github, suggesting that the option in GUI and also description should be changed?
We have loads of threads about this...
i am not an expert... just trying to help...


Okay, then it's my fault. Honestly, I didn't read the documentation carefully, I relied more on how I configured WG in the past. Thank you very much for the help.

Quote from: tiermutter on July 23, 2024, 06:57:47 PM
Since I am unable to do so:
Can someone raise a ticket on github, suggesting that the option in GUI and also description should be changed?
We have loads of threads about this...
Unfortunately these descriptions/names come from WireGuard, not from OPNsense. Naming them differently from what other systems with WG use is a really bad idea, IMHO.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Sure, that's because I also suggested to leave original naming in addition. However, the description in GUI is not correct and needs a fix (if not already fixed).
i am not an expert... just trying to help...